Re: [GNUnet-developers] EdDSA signature process

From: Bernd Fix
Subject: Re: [GNUnet-developers] EdDSA signature process
Date: Wed, 11 Jul 2018 15:54:00 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

Does 0.11.0 change the wire format of the p2p messages? If so, it could
be feasible to change the sign/verify semantics. But if not, it is
better to wait until other (crypto-related) changes make it into the
version that would break compatibility anyway...    >Y<

On 07/11/2018 01:38 PM, Devan Carpenter wrote:
> Thanks for the discovery and analysis of this, Bernd. 
> I wonder if this would be feasible to try to make into the 0.11.0 release..?
> Bernd Fix transcribed 1.1K bytes:
>> The EdDSA signature implementation in GNUnet calls the 'gcry_pk_sign
>> (&sig, msg, prv)' function not with the message itself, but with the
>> SHA512 hash value of the message.
>> Due to the intricacies of EdDSA signing this is not necessary (hashing
>> is done in the sign function itself, as more than just the message is
>> hashed for this).
>> Although the GNUnet approach is not breaking things technically, it
>> produces unnecessary load: It is running an extra SHA512 - and because
>> the signed message is usually rather small (from what I have seen until
>> now the signed data is smaller than the 64 bytes of a SHA512 result),
>> the sign function even needs to hash more data than necessary.
>> I guess that changing the sign/verify procedure would break
>> compatibility between new and old nodes and is therefore not feasible. I
>> just want to mention this in case a major version change is considered.
>> Thanks for your attention, Bernd.
>> _______________________________________________
>> GNUnet-developers mailing list
>> address@hidden
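
Added example (not part of the original messages, and not GNUnet or libgcrypt code): a compact pure-Python Ed25519 following RFC 8032, used to show the compatibility point raised in the thread. A signature over SHA-512(msg) and a signature over msg are both valid, but each verifies only under the convention that produced it. All function names, the seed and the message are constructed for illustration, and the arithmetic is not constant time.

```python
import hashlib

p = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # group order
d = -121665 * pow(121666, p - 2, p) % p              # curve constant
SEED, MSG = bytes(range(32)), b"constructed sample"  # constructed inputs

def H(b): return hashlib.sha512(b).digest()
def le(b): return int.from_bytes(b, "little")
def add(P, Q):  # complete twisted-Edwards addition, affine coordinates
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % p
    return ((x1*y2 + x2*y1) * pow(1 + t, p - 2, p) % p,
            (y1*y2 + x1*x2) * pow(1 - t, p - 2, p) % p)

def mul(k, P):  # double-and-add; not constant time, illustration only
    R = (0, 1)
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def dec(s):  # decode a point; no validity checks, illustration only
    y, sign = le(s) & ((1 << 255) - 1), le(s) >> 255
    x2 = (y*y - 1) * pow(d*y*y + 1, p - 2, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x*x - x2) % p: x = x * pow(2, (p - 1) // 4, p) % p
    return (p - x if (x & 1) != sign else x, y)

def enc(P): return (P[1] | (P[0] & 1) << 255).to_bytes(32, "little")
B = dec((4 * pow(5, p - 2, p) % p).to_bytes(32, "little"))  # base point
def expand(seed):  # clamped scalar a and nonce prefix
    h = H(seed)
    return le(h[:32]) & ((1 << 254) - 8) | 1 << 254, h[32:]
def public_key(seed): return enc(mul(expand(seed)[0], B))

def sign(seed, msg):  # msg is hashed twice in here: with prefix, and with R, A
    (a, prefix), A = expand(seed), public_key(seed)
    r = le(H(prefix + msg)) % L
    R = enc(mul(r, B))
    return R + ((r + le(H(R + A + msg)) % L * a) % L).to_bytes(32, "little")

def verify(pub, msg, sig):
    R, S, k = sig[:32], le(sig[32:]), le(H(sig[:32] + pub + msg)) % L
    return S < L and mul(S, B) == add(dec(R), mul(k, dec(pub)))

def compat_matrix(seed=SEED, msg=MSG):  # rows: signer, cols: verifier
    pub, raw, pre = public_key(seed), sign(seed, msg), sign(seed, H(msg))
    return [[verify(pub, m, s) for m in (msg, H(msg))] for s in (raw, pre)]
```

`compat_matrix()` returns `[[True, False], [False, True]]`: rows are the signer's convention (raw message, pre-hashed message) and columns the verifier's, so nodes using different conventions reject each other's signatures.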
